Technology

Internet Crime: Vuvuzela Meets Viagra

E-mail spammers latch onto football's World Cup as the latest online hook for marketing come-ons. When will Web users learn?

"FIFA World Cup Scandal News." Headlines like that are red meat for rabid soccer fans. But click on the e-mail message it heralds and you might land on a "Canadian Pharmacy" web page, not the scintillating dispatch from South Africa you were expecting. Add the World Cup to that familiar list of topics—penis enlargement, get-rich-quick schemes, discounted Canadian drugs—used as click bait by some online marketers. A report released on June 22 by Symantec Hosted Services, a unit of security-software maker Symantec (SYMC), found that as much as one-fourth of all global spam sent since March has been related to the world soccer tournament. In scooping up spam messages, the company found such World Cup-related words as football and soccer. No wonder: Hundreds of millions of fans around the world are glued to TVs, watching World Cup matches. The Fédération Internationale de Football Assn. (FIFA) estimates that 715 million watched the finals of the last tournament in 2006. With an estimated 120 billion spam messages blasting out over the Internet every day, the trick for marketers has always been to latch onto must-read topics. Spammers scrape news sites for global events they can weave into subject lines. Antispam professionals say that any popular topic is likely to cause a spike—the TARP bank bailout, home foreclosures, the BP oil spill. "Any big calendar event or milestone, they'll use," said Paul Wood, a senior analyst who worked on the Symantec report. Spam generators use hot subjects to entice Web users to click on links that try to sell merchandise, gather personal information on them, or collect IP addresses spammers can use to send out more spam. Spammers aren't so stupid

Out of all global e-mail, almost 90 percent is spam, according to the Symantec report. Spammers' operating costs are so low that they can make money if only a tiny share of recipients actually makes a purchase. An estimated one in about 12 million people do, according to a joint study conducted by the University of California, San Diego, and the International Computer Science Institute, a nonprofit computer science research center. The industry generates annual revenues of perhaps hundreds of millions of dollars, says Stefan Savage, co-author of the study, whereas the cost of sending out spam "is virtually nothing." Software engineers at security software firms such as Symantec and McAfee (MFE) play a cat-and-mouse game to snare the endlessly adaptive spammers. Project Honey Pot, an organization that helps identify spammers, has counted 956 different ways they spell Viagra to get around e-mail spam filters. Variations thus far include V1AGRA, V1@GR@, V!AGRA, and VIA6RA, says project co-founder Matthew Prince. The job of screening spam has become more difficult as spammers increasingly work through social networks, says Savage. Spammers using Twitter can hide malicious links behind a URL shortener. perhaps sweetened with a search term concerning say, the BP oil spill. Someone searching for news about the Gulf might click on such a link without worrying where they'll wind up. In the end, the only way to stop all spam is for people to stop buying products from the ads, says Prince: "The startling thing is that people buy these pills and actually take them."